Spit "Unix was chock full of security holes for decades. It's just had more time to close them up."

Of course. Heck, There are exploits and attacks currently out there that are for Linux and Unix systems. The reality is that these systems are as vulnerable as any other system.

Of course, a well maintained system under most of the popular OS's is pretty secure - it's simply a matter of people maintaining the system.

Spit "The problem with Windows isn't Windows the OS. It's Outlook Express and MS deciding that email should be in html format, displayed by IE, and running every type of scripting on the planet. That has become the main target."

Actually MS didn't "decide" that email should be HTML - it simply enabled it. As an interesting side note the default installation of modern Outlook and Outlook Express system keeps email HTML in the most restrictive security zone as defined in IE This means that by default a clean install doesn't do that stuff of late as far as I know.

Of course, the scripting patches closed it for older systems as well.

Spit "Viruses and trojans attached to files is as old as computers and no OS is immune."

I agree entirely - of course under modern systems it is fairly easy to sandbox new files. Under XP it is pretty easy for instance to simply mark your normal account as NOT being an administrator. It's a little bit of a pain when you want to install a program (right click and "Run-As" admin) but it is worth it.

This sort of thing has been available for a long time under Windows (2000, NT and now XP) but few folks take advantage of it.

Jaqui "sorry, but I'm not involved at all in hacking into other people's computers, nor will I ever teach someone how to do so."

Then I'll gently suggest that the problem is a lot harder than you think it is :) I do a fair amount of security work and I will let you know that there isn't one good currently known way to slip a trojaned executable past a good outgoing firewall without tricking the end user in some manner in a manual operation.

Phantast "The writing is on the wall, and one day we will all have to read it, whether we like what it says or not - and what it says is L I N U X"

It's never going to happen. The chance came and went - the train left and Linux wasn't on it. For a little while, Linux had something to offer the common user - stability and security. With the release of OSX, Windows 2000 and then Windows XP all the technical advantages to Linux went away. There is currently not one compelling technical advance in the Linux system - and the seriously broken 2.4 releases coupled with the corruption of hard drives happening under 2.5 have destroyed the idea that Linux is inherently more stable.

Linux is a nice server system for those people who want it - we run Linux servers ourselves for our clients and ran them for our own use for a long time - I myself have been running Linux since .9 era pre-alpha releases. it's cool, and it's cute... but it is never going to take over the world.

Marque "If Linux wasn't free would you still say it's better than windows? Just wondering."

I think it is fairly clear from terms like "winblows" and "M$" that for many people Linux is not about technology, it is about anti MS bias and ideology.

That's fine - but the simple reality is that any technical advantage is long gone.

crisjon1950: Norton is good stuff. It's saved my fanny a time or three also... Soulhuntre: Agree that a lot of the "pro-linux" folks out there are "anti-M$" as much as anything else, but UNIX in it's variations (including linux, BSD, Solaris, etc.) have been around as multi-threaded network operating systems since the early '70s. Yes, there are some un-stable versions, but a Unix administrator will think nothing of a server that's been humming along for years without a reboot or crash. A Windows administrator will brag about being up for weeks. Windows, on the other hand, has tried to be "user friendly" since it's creation. Unix flavors have only been focusing on that for a couple of years. It's only natural that windows is a more common interface for users, because it's easier to use. Just like it's only natural that Unix (and its varients) are preferable for network servers because of their stability.

I agree I don't like Microsoft but I've used Windows exclusively for the last 10-12 years through 3.1/95/98/ME/NT4 & now XP & I'll continue to use it till I see an OS that can really beat it on the PC. Of all the versions of windows I've used XP for me has been the best, ME was the worst version I tried even 3.1 was more stable. As long as I have a machine that can run Poser5/6/7 I'll be happy with whatever OS can handle the job. Rob

One of my first impressions of windoze came with version 3.1, when you hit -- (reboot for DOS) it would come back with something like "are you sure you wanna do that?" As if you could hit that by accident...

I bought my first pc just so I could play Doom 1000 just to play a game, I haven't changed a bit, now I buy 1200 PC so I can render Naked Vicky in a Temple pictures. Rob

Just a note - I've always loathed Unix in all its guises. For me to put up such a post even considering Linux is a near-miracle. But if it's the only route to security and privacy I may have to go that way.

jchimim - "Yes, there are some un-stable versions, but a Unix administrator will think nothing of a server that's been humming along for years without a reboot or crash. A Windows administrator will brag about being up for weeks."

I agree, sort of :)

Obviously the larger Unix systems (Solaris, AT&T SysV, BSD) have a long history but Linux is considerably younger - and has a much less consistent quality control process in place. Current Linux 2.5 for instance has a IDE subsystem that is consistently destroying filesystems and the SCSI code doesn't even have a maintainer. That does not bode well for it.

As always. much fun can be had reading the Linux kernel development emails :)

My point is not that Linux is bad - but that the long history of Unix development doesn't apply. Linux is a ground up re-write by amateurs who by and large have never seen the source to a large Unix and many have not been involved in a large coding project at all. If I was going to bet the farm on an open source OS it would definitely be one of the BSD's. Probably NetBSD.

As for uptimes, good Windows administrators have always had machines that ran without any problems at all - only rebooting for software upgrades and security patches when desired. Since Windows 2000 and NT 4.5 it has rarely if ever been known for Windows servers to reboot spontaneously unless the hardware is bad.

Leaving a machine, ANY machine that is critical, up for years these days means that you are ignoring serious and important upgrades fixing bugs and security holes.

jchimim "Just like it's only natural that Unix (and its varients) are preferable for network servers because of their stability."

And that is changing... the migration to Unix variants is being seriously altered by the massive success of WindowsXP. It is fast, secure and stable. It is easy to administer and compatible with a huge amount of software as well as being a platform for ASP.NET development - an incredibly cool technology that is winning a lot of converts among the perl/python/Linux or death crowd :)

Microsoft won this round. Linux will always be there - but it won't be the thing that topples MS.

To be fair to MS, how do you defend against a program that has been loaded onto a computer by the user and then executed? This file wasn't e-mailed, exploiting Outlook Express or Explorer. Trusting people have downloaded it, and will potentially run it.

I would imagine running an executable file on any other OS would be equally risky. Firewalls cannot be relied on to catch these things. After the program is up and running, it could disable your firewall, disable Virus detection, then do whatever it wants, because you have given it control.

soulhuntre - "Current Linux 2.5 for instance..."

Red Hat's up to 7.X now...

soulhuntre - "Leaving a machine, ANY machine that is critical, up for years these days means that you are ignoring serious and important upgrades fixing bugs and security holes."

At one position, we had a solaris machine that had been up over two years. It was acting an an RLOGIN/DNS/TFTP server. There's no point in upgrading a machine that's doing it's job.

soulhuntre - "the migration to Unix variants is being seriously altered by the massive success of WindowsXP. It is fast, secure and stable. It is easy to administer..."

Agree, Windows XP (and 2K for that matter) are dramatic improvements over previous versions of windows, but I personally still would not load them on a critical system. Would you feel more comfortable with air traffic controllers relying on a Solaris platform or a Windows XP platform?.

easy to administer is the key to choosing windows over unix. Windows administrators are easier to find and less expensive to pay than Unix administrators.

I understand that the file was called "A New Character for Vicki", but was that really the name of the file? "A New Character for Vicki.exe" or something like that? Guy

jchimim - "Red Hat's up to 7.X now..."

And living on Linux 2.4 or 2.5 kernels. Probably 2.4 given 2.5's problems. When discussing "Linux" it is only possible to discuss the kernel itself, not the revision number of each distribution.

**jchimim - ** "At one position, we had a solaris machine that had been up over two years. It was acting an an RLOGIN/DNS/TFTP server. There's no point in upgrading a machine that's doing it's job."

Of course not - and that's fine as long as your willing to accept the risks of having the unpatched holes. But I can guarantee you that there have been exploits for that system that have been patched in those 2 years. Hopefully that's not a problem for that box :: shrugs :: impossible for me to say.

Along those lines, we have Windows NT servers here that have never once crashed in all the time they are in service, often for years. While the uptime is not that long because we routinely maintain the systems the reality is we could simply leave them running and uptimes of years would be trivial to achieve.

The point is that there is nothing inherent in Linux or Unix that is more stable these days ... not since Windows NT 4.5 and certainly not since 2000.

**jchimim - ** "Would you feel more comfortable with air traffic controllers relying on a Solaris platform or a Windows XP platform?."

I wouldn't worry about it one way or the other to be honest. I would be much more interested in the stability of the application code running on the system itself. I do know I wouldn't put it on a Linux system - there is way too much code int here that has never had a serious Q&A review.

jchimim - "easy to administer is the key to choosing windows over unix. Windows administrators are easier to find and less expensive to pay than Unix administrators."

Well actually the key is application availability and a vastly superior set of development tools... not to mention a fairly low total cost of ownership and great support from multiple vendors.

Administrators are not a problem in either case.. the number of Linux/Unix people out there who will admin boxes for Pizza is fairly high. There is no real need to pay Unix admins more than Windows admins these days - it used to be so when Unix/Linux skills were rare - but that simply isn't the case.

Of course, good admins in either OS are able to demand more money - and most of the good ones can admin either system :)

Roy G - "I would imagine running an executable file on any other OS would be equally risky. Firewalls cannot be relied on to catch these things. After the program is up and running, it could disable your firewall, disable Virus detection, then do whatever it wants, because you have given it control."

If you are happy with a little extra trouble under Windows AND Linux you can avoid this. Simply do not give your everyday work login access to change those files. That way you would have to actively login or "Run As" an administrator to do so... running a Trojan under your normal account would not let it hurt that way because it wouldn't have access.

ghoyle1 the file name was joshie.exe

Hi ghoyle1, From Post 1) "At this web page they have a program called Y3K Remote Administration Tool Pro and Joshie.exe seems to be exactly that. When run it puts a program called server.exe in the Windows/System directory" The file dowloaded is"Joshie.exe" but if you run it,it installs a program called"server.exe" look for either one of those. Tom

Soulhuntre, we fall into that ancient (at least by geek standards) debate that only time will settle, and I suspect the other folks following this thread are probably rolling their eyes (or cursing under their breath) at us for "hi-jacking" it...

So true :) A well, thanks for an interesting (and civil!) discussion :)

...another nay-say to the argument about Linux's stability being due to it's age: It's also more stable (at times, overall) because it is being programmed by thousands of programmers, instead of the core group at microsoft, which I estimate couldn't be more than a few hundred, tops. The power of open-source: When someone finds a bug, they have to power to fix it right away, or at least tell someone who can :)

"It's also more stable (at times, overall) because it is being programmed by thousands of programmers, instead of the core group at microsoft, which I estimate couldn't be more than a few hundred, tops. The power of open-source: When someone finds a bug, they have to power to fix it right away, or at least tell someone who can :)" Actually - if you read the developers list you will see that a very few people contibute a fair majority of the code... and that much of the remaining code goes in from sources that are of dubious skill and that overall the testing structure is pretty weak. This leaves Linux with the worst of all worlds - the number of high caliber programmers working ont he system remains smaller than a commercial OS, but the number of semi and low skilled programmers who pollute the code-base is much higher than a commercial system :) Let's be honest, 95% of those who run Linux never look at or fix the source code, so the user base isn't helping very much. So far "the power of open source" has come up with some an OS with deep flaws in the virtual memory subsystem, a seriously out of date SCSI subsystem and a scheduler with problems of it's own - not to mention an IDE hard drive subsystem that blows away whole filesystems at whim. Linux is not a shining example of development - it turns out that "many eyes" do not make bugs shallow but can corrupt the code... and the "mythical man-month" applies to open source as much as commercial code.

I have no idea how what started out as a warning for other members to avoid a malicious file posing as a poser freebie got turned into the age old debate of "my operating system is better than yours".